Roughly described, a network interface device receiving data packets from
a computing device for transmission onto a network, the data packets
having a certain characteristic, transmits the packet only if the sending
queue has authority to send packets having that characteristic. The data
packet characteristics can include transport protocol number, source and
destination port numbers, source and destination IP addresses, for
example. Authorizations can be programmed into the NIC by a kernel
routine upon establishment of the transmit queue, based on the privilege
level of the process for which the queue is being established. In this
way, a user process can use an untrusted user-level protocol stack to
initiate data transmission onto the network, while the NIC protects the
remainder of the system or network from certain kinds of compromise.